ai-rag-pipeline

SUSPICIOUS. The skill’s capabilities broadly match its RAG purpose, but it relies on a third-party platform CLI, routes data through inference.sh-managed apps, and instructs transitive skill installation. This looks like a coherent platform integration rather than confirmed malware, but the supply-chain, external-content, and delegated-trust risks are significant enough to treat it as medium risk.